Reader Comments (rss)

(Flattened / Threaded)

1.  

   No Subject Given

   

   Ina Steiner, Dec 20th, 2004 @ 9:22am

   
   

   Too true. I've been writing about PayPal phishing since June 2002. The only way to avoid phishing scams is to never click on a link to a log-in page, yet I continue to get emails from financial insitutions with such links. All companies need to emphasize that users should log-in to their accounts through their browswers. There is no technology fix for scams involving social engineering. It's appalling the lack of industry cooperation with regard to fraud, this will hurt ecommerce.

   [ reply to this | link to this | view in thread ]

2.  

   No Subject Given

   

   Anonymous, Dec 20th, 2004 @ 11:08am

   
   

   Just a curiousity thing that I've always wondered about Phishing scams: The good looking, but bogus, link points somewhere... How come the bogus server is on the air 10 minutes after the legitimate institution gets a copy of the phish? I.E. Why doesn't Citibank, Paypal, whomever go after the server with all guns blazing? These things are clear fraud, they should be able to get law enforcment engaged very quickly and raid the site?
   
   

   [ reply to this | link to this | view in thread ]

3.  

   phishing

   

   anonymous, Dec 20th, 2004 @ 11:41am

   
   

   The best way to discourage phishing is to encourage everyone to respond with bogus information--flood the phishers with noise.

   [ reply to this | link to this | view in thread ]

4.  

   Citizens stop phishing on their own?

   

   Phish Phinder, Dec 25th, 2004 @ 7:35am

   
   

   Maybe someone's already doing this, maybe it's time someone did. Why doesn't someone develop a "shared bandwidth" 1-time DoS hub and allow volunteers to first verify a phishing site (multiple people for authenticity) and allow 'members' of the site to donate a very small part of their bandwidth each to hammer on the phishing site(s)? I believe it could be legal if the volunteers who were *cough* "looking at the phishing site to see if it were still online" just had a browser on refresh... for most of these phishing sites.. they are going to choke/be rendered useless, or have the plug pulled for exceeding allowed bandwidth very quickly. Safeguards and checks would have to be put in place.. obviously... but the sequence would go something like:
   1. Phishing Site Reported
   2. Notice sent to 'verification team' a team of verified volunteers who would each login to a hub/secure server to approve/disapprove the 'listing' of the reported site.
   3. When x-number of 'verifications' happen.. the site is listed online or sent via dispatch to the "browsing volunteers".
   4. They 'browse the site' until they receive notice it's down. Once notice is received... they give the ISP back his bandwidth.
   Is it vigilantism or is it civil justice? We built the Internet, we the global users also must protect it. IF I see enough positive responses to the idea, I will donate or assist with building a hub for the purpose.

   [ reply to this | link to this | view in thread ]

Add Your Comment